1. Field of the Invention
The present invention relates to a portable electronic device, called an IC card, in which, e.g., personal information or transaction information is stored, and a control method thereof.
2. Description of the Related Art
Recently, portable electronic devices such as the IC card have come to be utilized in various applications. In particular, personal information or money-related transaction information is frequently stored in the IC card. In the IC card, and in a system in which the IC card is used, a high level of security and a technique of preventing unauthorized access are demanded.
Jpn. Pat. Appln. KOKAI Publication Nos. 60-207957 (Pat. document 1) and 11-282991 (Pat. document 2) disclose techniques of detecting unauthorized access based on the type of command and the execution sequence for the IC card. In these techniques, the types of correct commands (command names) and the execution sequence are stored in a data table, and the IC card restricts execution of a given command when commands are given in a sequence which is not stored in the data table or when a type of command (command name) which is not stored in the data table is given. However, in these techniques, the process contents of each command are not checked. Accordingly, even if the process contents of a command are not authorized, the IC card cannot detect the fraud and executes each command, as long as the commands are given with the stored command names according to the predetermined sequence.
Recently, IC cards are being provided with ever higher levels of functionality. In a multifunctional IC card, various processes (functions) are realized by plural applications, and each application executes its processes according to its own process sequence. Accordingly, in the conventional technique, there is also a problem that the execution sequence cannot be restricted for each application in a single IC card on which plural applications operate.
In the conventional technique, the IC card executes the process for each command while the commands are being given according to the predetermined sequence. Accordingly, even if fraud in the execution sequence is detected from a command name and the process is halted, the results of the processes executed prior to the halt cannot be canceled. For example, when data stored in a memory is rewritten in response to a write command given according to the predetermined execution sequence, the rewritten data cannot be restored even if the fraud is detected from the execution sequence of a subsequent command. That is, in the conventional technique, there is a problem that the data may be altered before the unauthorized access is detected.
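The two limitations described above (process contents are not checked, and results executed before the halt cannot be canceled) can be seen in the following minimal Python model. It is an added illustration, not code from the cited documents or from the invention; the command names, the table contents and the memory layout are constructed assumptions.

```python
# Minimal model of the conventional name-and-sequence check (added illustration).
# ASSUMPTIONS: command names, table contents and memory layout are constructed.

ALLOWED_SEQUENCE = ["SELECT", "VERIFY", "WRITE", "READ"]  # stored data table


class ConventionalCard:
    def __init__(self):
        self.memory = {"balance": 100}  # constructed sample data
        self.step = 0                   # position in the stored sequence
        self.halted = False

    def receive(self, name, params=None):
        """Check only the command name and its position, then execute at once."""
        if self.halted:
            return "REFUSED"
        if self.step >= len(ALLOWED_SEQUENCE) or name != ALLOWED_SEQUENCE[self.step]:
            self.halted = True          # fraud detected; earlier effects remain
            return "HALTED"
        self.step += 1
        if name == "WRITE":             # process contents (params) are never checked
            self.memory[params["key"]] = params["value"]
        return "OK"


def run_session(commands):
    """Feed a list of (name, params) to a fresh card; return statuses and memory."""
    card = ConventionalCard()
    statuses = [card.receive(name, params) for name, params in commands]
    return statuses, card.memory


# Case 1: stored names in the stored order, but unexpected WRITE contents.
case1 = [("SELECT", None), ("VERIFY", None),
         ("WRITE", {"key": "balance", "value": 999999}), ("READ", None)]

# Case 2: the order breaks after the first WRITE; the card halts, the write stays.
case2 = [("SELECT", None), ("VERIFY", None),
         ("WRITE", {"key": "balance", "value": 0}),
         ("WRITE", {"key": "balance", "value": 5})]

if __name__ == "__main__":
    for label, session in (("case 1", case1), ("case 2", case2)):
        print(label, *run_session(session))
```

In case 1 every command is accepted because only names and order are compared with the table; in case 2 the halt comes one command too late to protect the stored value.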
Particularly, in a contactless IC card which executes various processes through wireless communication with an upper-level device, unauthorized access may be made without being noticed by the user. This is because a malicious third party may access the IC card through wireless communication without the user being aware of it, even if the user properly manages the IC card.
Because the device size of the IC card is limited, the IC card has a low-speed, small-capacity EEPROM or flash memory built in as its non-volatile memory. That is, in the IC card, unlike a general information processing device such as a computer, it is difficult to perform a process of detecting unauthorized access using a hard disk drive or a large-capacity non-volatile memory.
WO 01/022359 (Pat. document 3) discloses a technique of displaying information indicating that unauthorized access has been made to the IC card. However, in the technique of Pat. document 3, the IC card must include a particular circuit and component for performing the display on the IC card. The user may not become aware of the unauthorized access even if the information indicating that unauthorized access has been made to the IC card is displayed. Furthermore, even if that information is displayed, it is difficult to closely examine the contents of the unauthorized access.